Comprehensive Python toolkit for Android application reverse engineering and security analysis.
npx @tessl/cli install tessl/pypi-androguard@4.1.0
A comprehensive Python toolkit for Android application reverse engineering and security analysis. Androguard provides extensive capabilities for processing and analyzing various Android file formats including DEX/ODEX bytecode, APK packages, Android binary XML files, and Android resources.
pip install androguard
import androguard
Common for APK analysis:
from androguard.core.apk import APK
from androguard.core.dex import DEX
from androguard.core.axml import AXMLPrinter, ARSCParser
For analysis and decompilation:
from androguard.core.analysis.analysis import Analysis
from androguard.decompiler.dad.decompile import DvClass, DvMethod
Session-based analysis:
from androguard.session import Session
from androguard.misc import AnalyzeAPK, AnalyzeDex
from androguard.core.apk import APK
from androguard.misc import AnalyzeAPK
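# Basic APK analysis
# NOTE: APKs submitted for analysis are frequently untrusted (e.g. malware
# samples). Run this in an isolated analysis environment, and treat every
# value read from the package (names, versions, permissions) as
# attacker-controlled text when printing or logging it.
apk_path = "path/to/app.apk"
apk = APK(apk_path)

# Get basic APK information
print(f"Package name: {apk.get_package()}")
print(f"App name: {apk.get_app_name()}")
print(f"Version: {apk.get_androidversion_name()}")
# These are the permissions the manifest declares.
print(f"Permissions: {apk.get_permissions()}")

# Complete analysis with DEX and decompilation.
# AnalyzeAPK returns (APK, list[DEX], Analysis).
a, d, dx = AnalyzeAPK(apk_path)

# Access classes and methods through the Analysis object
for cls in dx.get_classes():
    print(f"Class: {cls.name}")
    for method in cls.get_methods():
        print(f" Method: {method.name}")

# Decompile a specific method.
# `d` is a list of DEX objects, so this loop walks DEX files, not classes.
for dex in d:
    for method in dex.get_methods():
        if method.get_name() == "onCreate":
            print(method.get_source())

Androguard follows a layered architecture enabling comprehensive Android reverse engineering: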
This modular design enables both simple one-off analysis tasks and complex automated security research workflows.
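Complete Android Package (APK) file analysis including manifest parsing, resource extraction, signature verification, permission analysis, and file structure inspection. Note that `is_signed()` only reports whether a v1, v2 or v3 signature is present in the package; it is not a check that the signature validates, so do not use it on its own as a trust decision.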
class APK:
def __init__(self, filename: str, raw: bool = False, skip_analysis: bool = False, testzip: bool = False): ...
def get_package(self) -> str: ...
def get_app_name(self, locale=None) -> str: ...
def get_androidversion_name(self) -> str: ...
def get_permissions(self) -> list[str]: ...
def get_activities(self) -> list[str]: ...
def get_services(self) -> list[str]: ...
def get_receivers(self) -> list[str]: ...
def is_signed(self) -> bool: ...
Dalvik Executable (DEX) file parsing and bytecode analysis providing access to classes, methods, instructions, and control flow structures.
class DEX:
def get_classes_names(self) -> list[str]: ...
def get_class(self, name: str): ...
def get_methods(self) -> list: ...
def get_fields(self) -> list: ...
Binary Android XML (AXML) and Android Resource (ARSC) file processing for accessing application resources, layouts, and configuration data.
class AXMLPrinter:
def __init__(self, raw_buff: bytes): ...
def get_xml(self, pretty: bool = True) -> bytes: ...
def is_valid(self) -> bool: ...
class ARSCParser:
def __init__(self, raw_buff: bytes): ...
def get_packages_names(self) -> list[str]: ...
def get_string_resources(self, package_name: str, locale: str = '\x00\x00') -> bytes: ...
Advanced static analysis capabilities including control flow analysis, call graph generation, method analysis, and cross-reference detection.
class Analysis:
def get_classes(self) -> list: ...
def get_methods(self) -> list: ...
def get_call_graph(self): ...
def find_classes(self, class_name: str): ...
def find_methods(self, class_name: str = ".*", method_name: str = ".*"): ...
Java-like source code generation from Android bytecode using the DAD (Dex to Android Decompiler) engine.
class DvClass:
def get_source(self) -> str: ...
def get_methods(self): ...
class DvMethod:
def get_source(self) -> str: ...
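def get_name(self) -> str: ...
Persistent analysis sessions for complex workflows, enabling save/restore of analysis state and incremental processing. Restore session files only from sources you trust: earlier Androguard releases serialized sessions with pickle, and loading a tampered pickle can run arbitrary code, so confirm the on-disk format your version uses.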
class Session:
def __init__(self): ...
def add(self, filename: str, raw_data: bytes = None): ...
def save(self, filename: str): ...
def load(self, filename: str): ...
Pre-built command-line utilities for common analysis tasks including APK inspection, DEX analysis, signature verification, and more.
def entry_point(): ... # Main CLI entry point
High-level utility functions for common analysis workflows, providing simplified interfaces for complex operations.
def AnalyzeAPK(filename: str, session=None, raw: bool = False): ...
def AnalyzeDex(filename: str, session=None, raw: bool = False): ...
def get_certificate_name_string(name, short: bool = False) -> str: ...
Runtime analysis and modification capabilities using Frida integration for dynamic analysis, tracing, and runtime manipulation of Android applications.
class Pentest:
def __init__(self): ...
def connect_default_usb(self) -> bool: ...
def attach_package(self, package_name: str, list_file_scripts: list, pid=None) -> bool: ...
def start_trace(self, filename: str, session: Session, list_modules: list, list_packages: list = None) -> None: ...
def dump(self, package_name: str) -> dict: ...
Advanced bytecode analysis and formatting utilities including visualization, export capabilities, and statistical analysis of Android bytecode.
def method2dot(mx: MethodAnalysis, colors: dict = None) -> str: ...
def method2png(filename: str, mx: MethodAnalysis, colors: dict = None) -> None: ...
def method2json(mx: MethodAnalysis, colors: dict = None) -> str: ...
def FormatClassToJava(class_name: str) -> str: ...
def get_package_class_name(class_name: str) -> tuple[str, str]: ...
def get_method_complexity(mx: MethodAnalysis) -> dict: ...
# Analysis results tuple from AnalyzeAPK
AnalysisResult = tuple[APK, list[DEX], Analysis]
# Analysis results tuple from AnalyzeDex
DexAnalysisResult = tuple[list[DEX], Analysis]
# Permission information
Permission = str
# Certificate information
Certificate = object
# Resource configuration
ResourceConfig = object
# Dynamic analysis types
MessageEvent = object
MessageSystem = object
# Advanced signature types
APKV2SignedData = object
APKV3SignedData = object
APKV2Signer = object
APKV3Signer = object
# Decompiler IR types
IRForm = object
Constant = object
Variable = object
BinaryOperation = object
AssignExpression = object
InvokeInstruction = object
FieldAccess = object
# Basic block types
BasicBlock = object
StatementBlock = object
ConditionalBlock = object
LoopBlock = object
TryBlock = object
ReturnBlock = object
# Method analysis type
MethodAnalysis = object